Patch/openvpn-install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed Centos for now

Browse Source
This commit is contained in:
Gizem Gür 2018-04-19 22:14:07 +03:00 committed by GitHub
parent 4143f15105
commit 7c35c325b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
openvpn-install.sh
View File

@ -1,11 +1,5 @@
#!/bin/bash #!/bin/bash
# OpenVPN road warrior installer for Debian, Ubuntu and CentOS # OpenVPN road warrior installer for Debian and Ubuntu
# This script will work on Debian, Ubuntu, CentOS and probably other distros
# of the same families, although no support is offered for them. It isn't
# bulletproof but it will probably work if you simply want to setup a VPN on
# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and
# universal as possible.
# Detect Debian users running the script with "sh" instead of bash # Detect Debian users running the script with "sh" instead of bash
@ -25,20 +19,12 @@ You need to enable TUN before running this script"
exit 3 exit 3
fi fi
if grep -qs "CentOS release 5" "/etc/redhat-release"; then
echo "CentOS 5 is too old and not supported"
exit 4
fi
if [[ -e /etc/debian_version ]]; then if [[ -e /etc/debian_version ]]; then
OS=debian OS=debian
GROUPNAME=nogroup GROUPNAME=nogroup
RCLOCAL='/etc/rc.local' RCLOCAL='/etc/rc.local'
elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
OS=centos
GROUPNAME=nobody
RCLOCAL='/etc/rc.d/rc.local'
else else
echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS" echo "Looks like you aren't running this installer on Debian or Ubuntu"
exit 5 exit 5
fi fi
@ -165,11 +151,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
fi fi
fi fi
fi fi
if [[ "$OS" = 'debian' ]]; then apt-get remove --purge -y openvpn libpam-google-authenticator
apt-get remove --purge -y openvpn libpam-google-authenticator
else
yum remove openvpn -y
fi
rm -rf /etc/openvpn rm -rf /etc/openvpn
echo "" echo ""
echo "OpenVPN removed!" echo "OpenVPN removed!"
@ -224,15 +206,9 @@ else
echo "" echo ""
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now" echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
if [[ "$OS" = 'debian' ]]; then apt-get update
apt-get update apt-get install openvpn iptables openssl ca-certificates -y
apt-get install openvpn iptables openssl ca-certificates -y apt-get install libqrencode3 libpam-google-authenticator -y
apt-get install libqrencode3 libpam-google-authenticator -y
else
# Else, the distro is CentOS
yum install epel-release -y
yum install openvpn iptables openssl wget ca-certificates -y
fi
# An old version of easy-rsa was available by default in some openvpn packages # An old version of easy-rsa was available by default in some openvpn packages
if [[ -d /etc/openvpn/easy-rsa/ ]]; then if [[ -d /etc/openvpn/easy-rsa/ ]]; then
rm -rf /etc/openvpn/easy-rsa/ rm -rf /etc/openvpn/easy-rsa/
@ -345,7 +321,7 @@ plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn" >> /etc/openvpn/serv
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
else else
# Needed to use rc.local with some systemd distros # Needed to use rc.local with some systemd distros
if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then if [[ ! -e $RCLOCAL ]]; then
echo '#!/bin/sh -e echo '#!/bin/sh -e
exit 0' > $RCLOCAL exit 0' > $RCLOCAL
fi fi
@ -365,34 +341,12 @@ exit 0' > $RCLOCAL
sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL
fi fi
fi fi
# If SELinux is enabled and a custom port or TCP was selected, we need this
if hash sestatus 2>/dev/null; then
if sestatus | grep "Current mode" | grep -qs "enforcing"; then
if [[ "$PORT" != '1194' || "$PROTOCOL" = 'tcp' ]]; then
# semanage isn't available in CentOS 6 by default
if ! hash semanage 2>/dev/null; then
yum install policycoreutils-python -y
fi
semanage port -a -t openvpn_port_t -p $PROTOCOL $PORT
fi
fi
fi
# And finally, restart OpenVPN # And finally, restart OpenVPN
if [[ "$OS" = 'debian' ]]; then # Little hack to check for systemd
# Little hack to check for systemd if pgrep systemd-journal; then
if pgrep systemd-journal; then systemctl restart openvpn@server.service
systemctl restart openvpn@server.service
else
/etc/init.d/openvpn restart
fi
else else
if pgrep systemd-journal; then /etc/init.d/openvpn restart
systemctl restart openvpn@server.service
systemctl enable openvpn@server.service
else
service openvpn restart
chkconfig openvpn on
fi
fi fi
# Try to detect a NATed connection and ask about it to potential LowEndSpirit users # Try to detect a NATed connection and ask about it to potential LowEndSpirit users
EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/") EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/")